Product: Suitecrm (Salesagility)
Repositories: https://github.com/salesagility/SuiteCRM
#Vulnerabilities: 64

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-03 | CVE-2023-5350 | SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. | Suitecrm | 9.1 | | |
| 2023-10-03 | CVE-2023-5351 | Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. | Suitecrm | 5.4 | | |
| 2023-07-11 | CVE-2023-3627 | Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. | Suitecrm | 8.8 | | |
| 2022-03-07 | CVE-2022-0755 | Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | Suitecrm | 4.3 | | |
| 2022-03-07 | CVE-2022-0756 | Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | Suitecrm | 6.5 | | |
| 2023-06-16 | CVE-2023-3293 | Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0. | Suitecrm | 4.8 | | |
| 2023-02-25 | CVE-2023-1034 | Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. | Suitecrm | 8.8 | | |
| 2021-10-04 | CVE-2021-41869 | SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. | Suitecrm | 8.8 | | |
| 2022-04-15 | CVE-2022-27474 | SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. | Suitecrm | 7.2 | | |
| 2022-03-10 | CVE-2022-23940 | SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets... | Suitecrm | 8.8 | | |